Frequently asked questions about SOC reports

Frequently asked questions about SOC reports

Terms & Conditions


活动时间: 2020年8月12日-2020年9月11日


  • What is an SOC report?

    An SOC report is an independent audit issued by a third-party audit institution based on relevant guidelines developed by the American Institute of Certified Public Accountants (AICPA) for the systems and internal controls of outsourced service providers.

    SOC reports are classified as SOC 1 (including Type I and Type II), SOC 2 (including Type I and Type II), or SOC 3.

    • An SOC 1 report is intended to examine the controls related to financial reporting processes and is usually used by cloud customers and their independent auditors. SOC Type II reports provide more opinions on operational effectiveness than Type I reports to achieve related control objectives.

    • An SOC 2 report focuses on the internal operations and compliance of an organization, including controls related to security, availability, process integrity, confidentiality, and privacy. An SOC Type I report demonstrates the design rationality of internal controls within the organization, and SOC Type II reports reflects the effectiveness of the implementation of the measures during the reporting period.

    • An SOC 3 report is a summary version based on the SOC 2 Type II report and is available to the public.

    Huawei Cloud has earned SOC 1 Type II, SOC 2 Type II, and SOC 3 certification. Huawei Cloud is the first cloud service provider in the world to meet the SOC 2 requirements for controls related to security, availability, process integrity, confidentiality, and privacy. This certifies that information security controls adopted by Huawei Cloud meet strictest requirements of the internationally recognized standards and also certifies our abilities to provide you with world-class security and privacy protection.

    Huawei Cloud periodically invites third-party organizations to review its information security management systems to ensure that the ever-evolving Huawei Cloud environment and services are always protected by industry-leading information security management capabilities.

  • Which data centers are covered by the Huawei Cloud SOC reports?

    The SOC reports for Huawei Cloud cover 30+ data centers in Chinese Mainland, Hong Kong (China), Thailand, Mexico, Singapore, South Africa, Chile, and Brazil. You can download the Huawei Cloud SOC audit reports from Compliance Certificates.

  • Which Huawei Cloud services are covered by SOC reports?

    The SOC reports certification covers over 150 Huawei Cloud services including, but not limited to, Advanced Anti-DDoS (AAD), Web Application Firewall (WAF), Data Encryption Workshop (DEW), and Database Security Service (DBSS). You can download Huawei Cloud's SOC reports from Compliance Certificates.

    If you would like to learn more about our products, please contact us.

  • How long is an SOC report valid?

    SOC reports are issued based on independent audits and demonstrate the rationality and effectiveness of internal controls of an organization. SOC reports are valid once issued. Huawei Cloud invites third-party auditors to perform SOC audits twice a year. You can request SOC reports to learn how well Huawei Cloud controls meet audit requirements.